Dutch Investigators Blame Multiple Threat Actors for Hacks


NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure

The Dutch NCSC says a suspected Russian hacking campaign employed more than one group to breach the country’s law enforcement network using the Citrix NetScaler flaw. (Image: Shutterstock)

A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say attacks exploiting the Citrix NetScaler flaw also targeted critical infrastructure.


The Dutch National Cyber Security Centre, or NCSC-NL, on Monday said several critical infrastructure organizations in the country were hacked by attackers who exploited the vulnerability in Citrix NetScaler tracked as CVE-2025-6543.

“The NCSC identifies the attacks as the work of one or more actors using sophisticated methods. The vulnerability was exploited as a zero-day vulnerability, and traces were erased to conceal the compromise at the affected organizations,” the NCSC said, adding that the agency will continue to assess the impact of the breach, including how the organizations may have been breached.

The update comes on the heels of the phased restoration of the Dutch Public Prosecution Service’s networks, after a cyberattack in May forced the agency to take key services offline (see: Dutch Prosecutors Recover From Suspected Russian Hack).

The attack severely disrupted operations across the Dutch judicial system, national police, Central Judicial Collection Agency and the Netherlands Forensic Institute.

Hackers exploited the Citrix memory overflow flaw in May. The NCSC and Citrix issued a patch alert. In July, the Dutch cyber agency uncovered evidence of potential exploitation, with several organizations disclosing system breaches to the agency. The agency launched an official probe into the breach at the end of July.

“Several investigations are currently underway into the scope, nature and impact of the attacks. Together with affected organizations, incident response organizations and security partners, we are continuing to uncover new indicators,” the NCSC said.

The NCSC-NL did not provide any additional information on the suspected hackers. Citing “well-informed sources,” Dutch newspaper Algemeen Dagblad reported in late July that Russian hackers are likely behind the hack, probably to gather intelligence from the prosecution office.

The Dutch government report came weeks after NATO warned of heightened cyberthreats from Moscow against Western critical infrastructure, intended to weaken Europe’s support for Ukraine (see: France Says Russia Is Top Threat, Warns of ‘Open Warfare’).

The Dutch intelligence service in May disclosed details of a previously unseen Russian nation-state group called Laundry Bear that stole work-related contact details from Dutch police officers (see: Dutch Prosecutors Recover From Suspected Russian Hack).

